SingCERT (IDA) Should Have Been More Informative And Specific
One Singaporean website (which was not government related) was hacked by an angry Indonesian hacker with the moniker “bambu” over the haze news – you can read more here. I am not going to go in details of what happened to the site. But at least i was rather expecting slightly more technical details from SingCERT on how the website got compromised, which part of the modules or code or at least shed some lights on how it happened.
Instead of an email with only (see the screenshot below) …
I am least surprise that even Wikipedia forgotten that Singapore and SingCERT exist [Link here] given that sort of email being distributed out at a national or even international level.
For those who does not know what / who is SingCERT, here is a quick “about us” on them which referenced from IDA’s website – https://www.ida.gov.sg/About-Us/Newsroom/Media-Releases/2006/20050704163357 .
SingCERT was established in 1997 and has a history of reaching out to the region to improve information security. They were one of the founding members of the Asia Pacific CERT (APCERT) grouping which is a trusted contact network of computer security experts in the Asia Pacific region with the aim to improve the region’s awareness and competency in relation to computer security incidents. SingCERT is a member of the APCERT Steering Committee and plays an important role in helping to promote and shape the direction of the CERT engagement in the Asia Pacific region. SingCERT also works closely with the CERTs of the Association of Southeast Asian Nations (ASEAN) in the area of improving the cyber security readiness and preparedness of the member countries.
To the very least. To show to the people that you actually did spend effort in keeping the purpose of SingCERT notable, shouldn’t they actually change the Joomla default site icon to their logo instead?
Seriously, i do not need an email that general or generic to figure out that – oh something happened, i need to secure stuff – defeat your purpose of existence and the fact that the social media spread the news faster than SingCERT did in terms of alerting the people.
Maybe IDA could further explain the purpose of SingCERT clearly to the public and reconsider it’s function to the tech public.